Configure ftp access on CentOS 7 and grant user access to website.

Posted On November 9, 2016

We need to setup secure ftp access for VPS user so he can access his wordpress site via ftp as needed. Below are the steps that we took to accomplish this.

1. Install vsftpd

yum -y install vsftpd

2. Configure vsftpd configuration file.

vim /etc/vsftpd/vsftpd.conf

Change the following directives.

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES

Ones completed restart vsftpd and enable it so it starts during boot

systemctl restart vsftpd
systemctl enable vsftpd

3. Configure firewall access

firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --reload

4. Crete user ftpuser and set password for this user.

useradd ftpuser
passwd ftpuser

5. Make sure users home directory points to webroot

ftpuser:x:1002:1002::/var/www/html/mysite:/bin/bash

6. Add user to apache group

usermod -a -G apache ftpuser

7. Change permittions to apache group on your webroot

chgrp -R apache /var/www/html/webroot/

Secure web root access

This is arguably one of the best ways to balance between security and usability

useradd ftpuser
groupadd ftp-access-group
usermod -a -G ftp-access-group ftp-user
chown root /var/www/html
chgrp ftp-access-group /var/www/html
chmod 775 /var/www
chmod g+s /var/www